Overview

overview

10

Static

static

6

69ae5079f2...f9.apk

android-9-x86

10

69ae5079f2...f9.apk

android-10-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
  • submitted
    05/02/2025, 22:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    69ae5079f26908ff840960dc5bea1d055d3b1bd78318102a4e64b605ee7e4ff9.apk

  • Size

    4.1MB

  • MD5

    45b5377f3a42484d5391af34ad47785c

  • SHA1

    8fb49e59b8e025a70be935ad0a720a677ca1031d

  • SHA256

    69ae5079f26908ff840960dc5bea1d055d3b1bd78318102a4e64b605ee7e4ff9

  • SHA512

    e22e285dc0b4739d191f3be9e339e7076af02e0f907cbebb0d7fb7c7584f7c741e7b8ff3c7993bd4672d0308a7f82ff41137fbbf4e4c6fc5fb5cf7611c01f034

  • SSDEEP

    49152:ygmPDdoPGRo5X3meyRZJyYVza3qc65Kt6u7wpymvMfVVW9BX5pgtflZMekqeDj0V:WD6hbYZkLjtB7fTg7gdlVkXjvYCZAz9F

Score
10/10
androratbankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

androrat

C2

3.6.98.232:18443

Signatures

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Queries account information for other applications stored on the device
    • Reads the contacts stored on the device.
    • Reads the content of the calendar entry data.
    • Reads the content of the call log.
    • Requests cell location
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:5066

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Execution Guardrails

1
T1627

Geofencing

1
T1627.001

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

Suppress Application Icon

1
T1628.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Location Tracking

1
T1430

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

2
T1422

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Location Tracking

1
T1430

Protected User Data

3
T1636

Calendar Entries

1
T1636.001

Call Log

1
T1636.002

Contact List

1
T1636.003

Screen Capture

1
T1513

Stored Application Data

1
T1409

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/app_mph_dex/apk.manager-v1.rizal.xml
    Filesize

    5.9MB

    MD5

    c8f6ba71cea84260cb55fd11ad2d0c4a

    SHA1

    d1f1e7e20a168047729d1c959de13401707a5691

    SHA256

    fb799b0b47b3404aa43a4fd4a6b43d7d8367a58dae8d25ec2d331d9005f8d867

    SHA512

    66485f9c9adc1f8514773d14103b62488e3b9ab05a4dac322f17d51641924589b2eee3c46cb67673b0053bc3f3e3de3c013ddc3d2603e0445349867a51e8d774

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname
    Filesize

    32KB

    MD5

    0ec8d5e24581e56eb01c45155efe2049

    SHA1

    4de2aebc5e22d0420e54cb553c2739e50481e50a

    SHA256

    5bb1fd7e82a28019975971aae5f49b0eb2ddef4a943663b654ede402d2f7f616

    SHA512

    23f87b81f1b49b80a88b1eab7d5e08e7001486b135bedc434601eed4ab74b72804ae4f907ede18213454dfa9da7058692b012861170306adbe6b12650dd51fd4

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    de90e60f799590f6b8fb5a973242d5e4

    SHA1

    464d95077a0c20e8f1abd0542cef67cb902d998e

    SHA256

    bee05e87fd6ccaed3982cf9adcceddbe9a810cab817d0447faf031ccb1a68f4c

    SHA512

    159ccb21c68292a85b099ebdd96287731e25b1ad792554ca652990c054ee7fdc3e510384b89698d26570b6834e34a101ece97ee7a465c2b876ffd6fdbe853c7b

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    512B

    MD5

    aa437c0dd4178529cc22de4fd348b40f

    SHA1

    854f1583cb4323f159dacdd7630aa885fe0ecb38

    SHA256

    8a1c872c26b8de8ad45b1c15e59b4180a1c6758d6a967c3513d2ca9c158d7a42

    SHA512

    0a9c4745cd4f0ea2a4976dcdd0954cfc7b147391900bddcc0dda3ccec63874fbd375677663ed967efadaf2c0dce514febaca73629edbe52a941cb9580244877a

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    ce3392492c50810730d1fbe2465f8fe7

    SHA1

    ec6d76600a8a036132359ae82cbe826bfec27c48

    SHA256

    6775accd10ab252d246d00032e26a3fcb91421f625870e56f3f842510757942f

    SHA512

    04aff33d3e1f783ce8fad44377c61b8b5a264bbf8c68fc280a7e1fb16f16308946e4507dcd8e58f46b8988c0c1076dfa7c327d68b1b5c3a78e4db999858e1e67

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    39c751bf6df5412a761653274ae894a9

    SHA1

    b3c92e5ad43374446482b9803e3153da844702c7

    SHA256

    d78336de1272365c567fab8ffab4317276f2a487287183315e28f6da7d2112f5

    SHA512

    400315ea250e1954003da7197845a8ace0027ecdd3416607000ec9c5a6e7c6953916e71f6524110ad716d65bc8452c4944a0a0b26f65d9f1989b1d8d5237fb0b

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    e247149e6f7a5ff0545c69aa289f6f31

    SHA1

    f8880f5f1cf4f12b6897f0e1f56e8847fa52d2df

    SHA256

    2af53e4669c4a2f1d19f7240e361141a66bb2688241d5692a5acba0de11774aa

    SHA512

    aee45a51ce990c82eb3dc77f209ae28b2ff9ffbfdba0569b9d653ce28472f5d1b74b2e73cf8de133bd25cde5c54f5faaa3dce3331ec3bfe1cdf7037e4f9a182d

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db
    Filesize

    16KB

    MD5

    12627a2ec645c4a4bc50dba5903afd59

    SHA1

    504005c938517e61bcf68b65a055c2faba635c2e

    SHA256

    f177ffae9650eb4f407c2d9a510bb5a5abe1ece2fdfe24effc62478a1bfa5903

    SHA512

    7ff69589296e02383a217373399e75d8a82fa17146e4273f4c0eb630f096dd9f394a3324d60858b02f7e5cf177c82c6d966f5cbedb68ae6a98df7cc851b79cfd

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    24b080d39fbd9ca7b8382586b11f3179

    SHA1

    0ec0e925e34c066a615941400754d9a35785a4b9

    SHA256

    c225d281a552e99b6cd0d7696e3c385a2700142bb8b5c8a6d8984d2f6f932b0a

    SHA512

    b0c27e6b4787987e1adc9b37bd4626fed595d9bbc84dfd822e936900e1339bcefafaa91625ad4370b70876ad3af2fa72e46fc262c82a06eac6b17ffc29b69711

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    77ac2978c9391e15dcb31ea5283af63e

    SHA1

    1429527405b2c45c57ab44f5a8061687a3905e86

    SHA256

    0797fd5f11f7e8065106bc1e486a1c6d4d82212ea372f9fef3550ba19951e2a9

    SHA512

    e101c9506ee056c338d1b7c44b4d1c5c958848f8a41dc65db8a0d6c02e826c4978a02efce7fc0cb5b547b2af64d34a296e518c9129a739a7634ea8688001e214

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    a6d450739cf952d2c51a53181d8119f1

    SHA1

    33962f750a5cd5e353900fd05e7ec99ec6d5352e

    SHA256

    1967d4c05462952074c7d8bf4e890536a834cc2b51cbbd661a31bea9840ba394

    SHA512

    0022cd44210d8ffc3b49902c6af13fa85a355931cd1506767b5b40f20bea9254a1f1e0cd1817f3de39d6e73af226d9e27d48e58e4623f8e65079355bef215d8d

    Download Submit

  • /data/data/com.tencent.mm/files/CallLogs.txt
    Filesize

    3B

    MD5

    58e0494c51d30eb3494f7c9198986bb9

    SHA1

    cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

    SHA256

    37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

    SHA512

    b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    108B

    MD5

    7fa37a95fb8a7cdf37261052377c4bd1

    SHA1

    8b373eca86f3e74c4237a04be3355d3df4b8d7ac

    SHA256

    135b87ebac375afca9390e07cca88b6c784f44ac83b6463647d67e6188e127b5

    SHA512

    c0aab0f489c8b9fa54cc07ce107feb3e9b89d131f37563b355bf4cfa4f8eb286920d3244030c46485d43c4ae8502e83ce186857e734d2cf69521bf238f7401b1

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    126B

    MD5

    32a0f44bbe54c34e4866f3565176aeb4

    SHA1

    c61024bf7c89f2b3511953c23bdd53a68907dd16

    SHA256

    b812607dc0cd7f9dfebcbc3dd4cf721e9482432e7ffe4a07f101df634f37193b

    SHA512

    be0db5dd1b87df1491da63e77ac85f4c06e837e13f2106cbbe7ab657fbc302fce1c9620ffd8e3c9339affc106814d72f8487de28f995a7c7a9e102a9972b538a

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    108B

    MD5

    305128bd6ef70274c8a77ca6388cb841

    SHA1

    9abcb5131e13b119b8bbf8c08f5734cd7d861b11

    SHA256

    0ac372970d8df4b0214e0a08076eda67fb8d2f4ed848961b8e3225b861215504

    SHA512

    1c8333cd05e4bec359a4ef69df118a829a7251fbd050c6c058dc5836163d005861ec1b6a8e136cb6965ba61c1fa9d888113585f33234471d2a408ca5bd52e3cb

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    126B

    MD5

    7997fd153a06b076a749e905e23320d3

    SHA1

    c41cf98035cdb441dc39f5b410b1edfff92ea413

    SHA256

    225f7fe401cb9aea4bf1dc27846120e2ec1bbdf76bb7530e27426883acc25d57

    SHA512

    7cbfb5eae465204b31959671732d574c19a3c10bd803ea13d7af4bb705280fa5c88610f1828b53fefc8eac0944c2dae773150948e3df25e18db9aa9e7d2cc437

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    108B

    MD5

    361b86ff06a47d08950ae3b67c30bc3d

    SHA1

    0d238794a5d38d68b2de9d4051598478ab65dd5c

    SHA256

    ac540d1fc1bc8d6523542c40d1157a717c60155368dd64840e4c571bdaae50fe

    SHA512

    c370c9b1e83c3b596345d46415428ae4d84d0218291bd9cf21e2b5ccf43a8a085ed699a44c33f16031366dc8522961c4ff0846b4ddb1a89e859bb831fa949bb3

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    126B

    MD5

    a24b437441ce6818d2ab866ee8f99a8e

    SHA1

    b0fb88d2a251f777560bfab33213bc4e943e52d5

    SHA256

    71461e7b7bf0166edc84a97bef2bc004ac4d528b4099589535f0343dde09a421

    SHA512

    7accdda0708177a385f1aacb996b777e978b8b0ff48bc8feeebe833197bd783a1cf765872608bf125d62030b09c77c77e795fcb2327ac6defca37eb87c405af7

    Download Submit

  • /data/data/com.tencent.mm/files/Tree.txt
    Filesize

    426B

    MD5

    9dbfacf57ccad741b2743e5ad0ed9f68

    SHA1

    9e9ac8c6f4f9455ec76ce00f593e54e86bf7ad52

    SHA256

    c8269ff9b4733ef3b3222a7e7b38649b12ce3d5048b77605989ddd4853872a5f

    SHA512

    f64f2cd6f8d3e55de042f83e6982ff1e29a759293dbbf380f7f4d17eaeb065515f801b8fb80977e4a003f7f0c9e713789ef4ab95c23898cfbe3ae9ae8a4be30e

    Download Submit

  • /data/data/com.tencent.mm/files/accounts.txt
    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA1

    97d170e1550eee4afc0af065b78cda302a97674c

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    SHA512

    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

    Download Submit

  • /data/data/com.tencent.mm/files/netinfo.txt
    Filesize

    827B

    MD5

    2506b2a539e431d6861e21f0c91120ab

    SHA1

    69cc28620ed562fecc583e4ac5c5cc9fed6ba271

    SHA256

    9601e3e35a9b0a62fb3f50fd29450af6a849f78a81768678de43a0bdae50b46e

    SHA512

    58eb41ff7268d8a477841060cd2c729571eda8d05ca4599830ef3a0d3665fe8c4287693834f05a95652cbe674d748172d5471480e7204cd9290735f21c11bc51

    Download Submit

  • /data/data/com.tencent.mm/files/netinfo.txt
    Filesize

    827B

    MD5

    a7662e7d10e1d475191582bef1de1412

    SHA1

    f742b8847b0dbfc9fe3a932d6f44b26f04e16bb1

    SHA256

    0582335768fbb77a3ccf3c6024ba8da216e641fd4481687108db759d523ff0d4

    SHA512

    83f704a0827de1d4c4fd933e2b323edbb62934f8cf0ab72f2a3687fa9adf3b8b34837960ca6a4a3c75ed0e8e450f3442d8f9e2fdb00c40495d49c18e4d5ad9ac

    Download Submit

  • /data/data/com.tencent.mm/files/pkinfo.txt
    Filesize

    9KB

    MD5

    82934c9a9c0a2d625f2c13b1a5229ce1

    SHA1

    030c58a2977c60cf8459fef8f71b0f33126989df

    SHA256

    2feb853d787d84c09acf63a6f4a16d133cc45c4594418a1f7ca468eb3220a6c8

    SHA512

    83fec3872eb514350cec0fcc2dd02aa069a9cc469943d4a09d6c915ffcf16b4da243f44fc3d191989e3bc30333ce5a00222a28548aac69770aca57d53fce2f3c

    Download Submit

  • /data/data/com.tencent.mm/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫
    Filesize

    3.0MB

    MD5

    816ff97c55fa609561bd900657ad5431

    SHA1

    c11f5860337170602824e4c4dc11aac011eb5082

    SHA256

    cedb29b3dff81aa6652eebd774a501452b16547b627939405f5fb74da849bd09

    SHA512

    841bfc69e1cf7508b120d3b17f63590ad8c7ff656615c182b53258783a266893f38239916b3f4d2b4f977aede3f6ce7cfc34881fc2fb37f43ed1bfde838c7b16

    Download Submit

  • /data/data/com.tencent.mm/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫.
    Filesize

    8B

    MD5

    5bef64cc7650cce5b95c17f2f7de0d41

    SHA1

    cf282932713ecb4bc4975f3a43185a598338a2c2

    SHA256

    5f9da690e712f4cc30ec9888f166676b677beb32a3c67b614b3c5f33d083022a

    SHA512

    42a2305c9af3281c190b8305333f5da30d82efaf10389319ffe35f154a1e258b065df4114eef1d47da0eaa50ec874538747aae5b778c679a094ab1dc157c0586

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-02-05.txt
    Filesize

    12B

    MD5

    e48057c3603c907cacbe1568a7dbfc41

    SHA1

    6e100086b53e20e499a9be069aa1b452faf82ba3

    SHA256

    4b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e

    SHA512

    787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a

    Download Submit